PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15028 Red Hat CVE debrief

A heap overflow vulnerability was found in libarchive, which can be triggered by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution. This vulnerability affects users of libarchive who handle tar archives from untrusted sources, particularly in environments where archive files are processed without thorough validation.

Vendor
Red Hat
Product
Red Hat Enterprise Linux 10
CVSS
LOW 3.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of libarchive, particularly those who handle tar archives from untrusted sources, such as system administrators, developers, and security teams responsible for maintaining and securing systems that utilize libarchive, should be aware of this vulnerability and take steps to mitigate it. This includes reviewing archive processing workflows, ensuring proper validation of archive files, and applying patches or updates provided by the vendor.

Technical summary

The vulnerability is caused by a heap overflow during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute in a specially crafted tar archive. This can lead to a denial of service or potentially allow for arbitrary code execution. The issue affects users of libarchive who handle tar archives from untrusted sources, particularly those in environments where archive files are processed without thorough validation.

Defensive priority

High

Recommended defensive actions

  • Inventory and assess systems that use libarchive
  • Apply patches or updates provided by the vendor
  • Implement compensating controls, such as validating tar archives before processing
  • Monitor systems for suspicious activity
  • Review and update incident response plans to include procedures for handling potential exploitation of this vulnerability
  • Conduct a thorough review of archive processing workflows to identify and mitigate potential vulnerabilities
  • Verify that all necessary security controls are in place to prevent exploitation of this vulnerability

Evidence notes

The CVE record was published on 2026-07-10T10:16:23.417Z and was last modified on 2026-07-10T12:16:32.100Z. The NVD entry is currently in the 'Received' status. The libarchive vulnerability allows remote attackers to trigger a heap overflow via a specially crafted tar archive, potentially leading to denial of service or arbitrary code execution. Evidence is limited to CVE and NVD details, and further verification is needed to confirm the full scope of the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T10:16:23.417Z and has not been modified since then.